Identity Providers and Federation

If you already manage user identities outside of AWS, you can use IAM identity providers instead of creating IAM users in your AWS account. With an identity provider (IdP), you can manage your user identities outside of AWS and give these external user identities permissions to use AWS resources in your account. This is useful if your organization already has its own identity system, such as a corporate user directory. It is also useful if you are creating a mobile app or web application that requires access to AWS resources.

When you use an IdP, you don't have to create custom sign-in code or manage your own user identities; the IdP provides that for you. Your external users sign in through a well-known identity provider, such as Login with Amazon, Facebook, Google, and many others. You can give those external identities permissions to use AWS resources in your account. Identity providers help keep your AWS account secure because you don't have to distribute or embed long-term security credentials, such as IAM access keys, in your application.
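The mechanism that "gives those external identities permissions" is an IAM role whose trust policy names the identity provider as a federated principal and allows `sts:AssumeRoleWithWebIdentity`; the application exchanges the IdP's token for temporary role credentials instead of carrying an IAM access key. The following is an added example, not code from the page or from AWS: it builds such a trust policy and audits one for the mistake that matters most in practice, a missing audience condition (`accounts.google.com:aud`, `graph.facebook.com:app_id`, `www.amazon.com:app_id` are the documented condition keys for these providers). The application IDs used as audience values are constructed placeholders.

```python
import json

# Condition key each provider uses to carry the application/audience claim.
# The keys are the AWS-documented ones; the audience values used below are constructed.
AUDIENCE_KEYS = {
    "accounts.google.com": "accounts.google.com:aud",
    "graph.facebook.com": "graph.facebook.com:app_id",
    "www.amazon.com": "www.amazon.com:app_id",
}


def build_web_identity_trust_policy(provider, audience):
    """Return a role trust policy that lets tokens from `provider`, issued for
    the application `audience`, assume the role via AssumeRoleWithWebIdentity."""
    if provider not in AUDIENCE_KEYS:
        raise ValueError(f"unsupported provider: {provider}")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider},
            "Action": "sts:AssumeRoleWithWebIdentity",
            # Scopes the trust to tokens minted for *our* app, not any app
            # registered with the same provider.
            "Condition": {"StringEquals": {AUDIENCE_KEYS[provider]: audience}},
        }],
    }


def audit_trust_policy(policy):
    """Return a list of findings (empty when the policy looks sound)."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        principal = stmt.get("Principal")
        if principal == "*" or (isinstance(principal, dict) and principal.get("Federated") == "*"):
            findings.append("principal is a wildcard: any identity provider may assume the role")
            continue
        provider = principal.get("Federated") if isinstance(principal, dict) else None
        expected = AUDIENCE_KEYS.get(provider)
        if expected is None:
            findings.append(f"unknown federated principal {provider!r}")
            continue
        # Collect every condition key regardless of operator (StringEquals, ForAnyValue:..., etc.).
        condition_keys = {key for operator in stmt.get("Condition", {}).values() for key in operator}
        if expected not in condition_keys:
            findings.append(
                f"no {expected} condition: tokens issued to any app at {provider} can assume the role"
            )
    return findings


def example_policies():
    """Constructed sample policies: one scoped correctly, two with common defects."""
    scoped = build_web_identity_trust_policy(
        "accounts.google.com", "123456789012-example.apps.googleusercontent.com"  # constructed
    )
    unscoped = json.loads(json.dumps(scoped))
    del unscoped["Statement"][0]["Condition"]
    wildcard = json.loads(json.dumps(scoped))
    wildcard["Statement"][0]["Principal"] = {"Federated": "*"}
    return {"scoped": scoped, "unscoped": unscoped, "wildcard": wildcard}


if __name__ == "__main__":
    for name, policy in example_policies().items():
        print(f"{name}: {audit_trust_policy(policy) or 'OK'}")
```

The audit deliberately treats "no audience condition" as a finding rather than a warning: without it, the role trusts every token the provider issues, for every application registered with that provider, which silently widens "your users" to "anyone with an account at that IdP".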